mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-27 02:24:18 +00:00
parent
07990fdcc2
commit
63c1efd394
@ -1,6 +1,12 @@
|
|||||||
from __future__ import (absolute_import, print_function, division)
|
from __future__ import (absolute_import, print_function, division)
|
||||||
import select, socket, threading, sys, time, traceback
|
import select
|
||||||
|
import socket
|
||||||
|
import sys
|
||||||
|
import threading
|
||||||
|
import time
|
||||||
|
import traceback
|
||||||
from OpenSSL import SSL
|
from OpenSSL import SSL
|
||||||
|
|
||||||
from . import certutils
|
from . import certutils
|
||||||
|
|
||||||
|
|
||||||
@ -11,35 +17,6 @@ SSLv3_METHOD = SSL.SSLv3_METHOD
|
|||||||
SSLv23_METHOD = SSL.SSLv23_METHOD
|
SSLv23_METHOD = SSL.SSLv23_METHOD
|
||||||
TLSv1_METHOD = SSL.TLSv1_METHOD
|
TLSv1_METHOD = SSL.TLSv1_METHOD
|
||||||
|
|
||||||
OP_ALL = SSL.OP_ALL
|
|
||||||
OP_CIPHER_SERVER_PREFERENCE = SSL.OP_CIPHER_SERVER_PREFERENCE
|
|
||||||
OP_COOKIE_EXCHANGE = SSL.OP_COOKIE_EXCHANGE
|
|
||||||
OP_DONT_INSERT_EMPTY_FRAGMENTS = SSL.OP_DONT_INSERT_EMPTY_FRAGMENTS
|
|
||||||
OP_EPHEMERAL_RSA = SSL.OP_EPHEMERAL_RSA
|
|
||||||
OP_MICROSOFT_BIG_SSLV3_BUFFER = SSL.OP_MICROSOFT_BIG_SSLV3_BUFFER
|
|
||||||
OP_MICROSOFT_SESS_ID_BUG = SSL.OP_MICROSOFT_SESS_ID_BUG
|
|
||||||
try:
|
|
||||||
OP_MSIE_SSLV2_RSA_PADDING = SSL.OP_MSIE_SSLV2_RSA_PADDING
|
|
||||||
except AttributeError:
|
|
||||||
pass
|
|
||||||
OP_NETSCAPE_CA_DN_BUG = SSL.OP_NETSCAPE_CA_DN_BUG
|
|
||||||
OP_NETSCAPE_CHALLENGE_BUG = SSL.OP_NETSCAPE_CHALLENGE_BUG
|
|
||||||
OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = SSL.OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
|
|
||||||
OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = SSL.OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
|
||||||
OP_NO_QUERY_MTU = SSL.OP_NO_QUERY_MTU
|
|
||||||
OP_NO_SSLv2 = SSL.OP_NO_SSLv2
|
|
||||||
OP_NO_SSLv3 = SSL.OP_NO_SSLv3
|
|
||||||
OP_NO_TICKET = SSL.OP_NO_TICKET
|
|
||||||
OP_NO_TLSv1 = SSL.OP_NO_TLSv1
|
|
||||||
OP_PKCS1_CHECK_1 = SSL.OP_PKCS1_CHECK_1
|
|
||||||
OP_PKCS1_CHECK_2 = SSL.OP_PKCS1_CHECK_2
|
|
||||||
OP_SINGLE_DH_USE = SSL.OP_SINGLE_DH_USE
|
|
||||||
OP_SSLEAY_080_CLIENT_DH_BUG = SSL.OP_SSLEAY_080_CLIENT_DH_BUG
|
|
||||||
OP_SSLREF2_REUSE_CERT_TYPE_BUG = SSL.OP_SSLREF2_REUSE_CERT_TYPE_BUG
|
|
||||||
OP_TLS_BLOCK_PADDING_BUG = SSL.OP_TLS_BLOCK_PADDING_BUG
|
|
||||||
OP_TLS_D5_BUG = SSL.OP_TLS_D5_BUG
|
|
||||||
OP_TLS_ROLLBACK_BUG = SSL.OP_TLS_ROLLBACK_BUG
|
|
||||||
|
|
||||||
|
|
||||||
class NetLibError(Exception): pass
|
class NetLibError(Exception): pass
|
||||||
class NetLibDisconnect(NetLibError): pass
|
class NetLibDisconnect(NetLibError): pass
|
||||||
@ -251,7 +228,8 @@ class _Connection(object):
|
|||||||
|
|
||||||
def close(self):
|
def close(self):
|
||||||
"""
|
"""
|
||||||
Does a hard close of the socket, i.e. a shutdown, followed by a close.
|
Does a hard close of the socket, i.e. a shutdown, followed by a
|
||||||
|
close.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
if self.ssl_established:
|
if self.ssl_established:
|
||||||
@ -273,6 +251,7 @@ class _Connection(object):
|
|||||||
class TCPClient(_Connection):
|
class TCPClient(_Connection):
|
||||||
rbufsize = -1
|
rbufsize = -1
|
||||||
wbufsize = -1
|
wbufsize = -1
|
||||||
|
|
||||||
def __init__(self, address, source_address=None):
|
def __init__(self, address, source_address=None):
|
||||||
self.address = Address.wrap(address)
|
self.address = Address.wrap(address)
|
||||||
self.source_address = Address.wrap(source_address) if source_address else None
|
self.source_address = Address.wrap(source_address) if source_address else None
|
||||||
@ -284,6 +263,8 @@ class TCPClient(_Connection):
|
|||||||
def convert_to_ssl(self, cert=None, sni=None, method=TLSv1_METHOD, options=None, cipher_list=None):
|
def convert_to_ssl(self, cert=None, sni=None, method=TLSv1_METHOD, options=None, cipher_list=None):
|
||||||
"""
|
"""
|
||||||
cert: Path to a file containing both client cert and private key.
|
cert: Path to a file containing both client cert and private key.
|
||||||
|
|
||||||
|
options: A bit field consisting of OpenSSL.SSL.OP_* values
|
||||||
"""
|
"""
|
||||||
context = SSL.Context(method)
|
context = SSL.Context(method)
|
||||||
if cipher_list:
|
if cipher_list:
|
||||||
@ -358,18 +339,22 @@ class BaseHandler(_Connection):
|
|||||||
dhparams=None, ca_file=None):
|
dhparams=None, ca_file=None):
|
||||||
"""
|
"""
|
||||||
cert: A certutils.SSLCert object.
|
cert: A certutils.SSLCert object.
|
||||||
|
|
||||||
method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD
|
method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD
|
||||||
|
|
||||||
handle_sni: SNI handler, should take a connection object. Server
|
handle_sni: SNI handler, should take a connection object. Server
|
||||||
name can be retrieved like this:
|
name can be retrieved like this:
|
||||||
|
|
||||||
connection.get_servername()
|
connection.get_servername()
|
||||||
|
|
||||||
And you can specify the connection keys as follows:
|
options: A bit field consisting of OpenSSL.SSL.OP_* values
|
||||||
|
|
||||||
new_context = Context(TLSv1_METHOD)
|
And you can specify the connection keys as follows:
|
||||||
new_context.use_privatekey(key)
|
|
||||||
new_context.use_certificate(cert)
|
new_context = Context(TLSv1_METHOD)
|
||||||
connection.set_context(new_context)
|
new_context.use_privatekey(key)
|
||||||
|
new_context.use_certificate(cert)
|
||||||
|
connection.set_context(new_context)
|
||||||
|
|
||||||
The request_client_cert argument requires some explanation. We're
|
The request_client_cert argument requires some explanation. We're
|
||||||
supposed to be able to do this with no negative effects - if the
|
supposed to be able to do this with no negative effects - if the
|
||||||
|
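Review bot: The new `options:` docstring line in `TCPClient.convert_to_ssl` (and the matching line added to the `BaseHandler` docstring) does not tell callers that `options` defaults to `None` while `method` can still be `SSLv23_METHOD` or one of the legacy SSLv2/SSLv3 methods. From the signature it looks as if no protocol-disabling flags are applied unless the caller passes them, but the function bodies continue outside these hunks, so that should be confirmed. I would extend the line to something like `options: A bit field consisting of OpenSSL.SSL.OP_* values, e.g. SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 to refuse legacy protocol versions` and state what `None` means. Separately, dropping the module-level `OP_*` aliases breaks any caller that still writes `tcp.OP_ALL`, as the test change in this commit shows, so the removal deserves a changelog entry.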
@ -123,7 +123,7 @@ class TestServerSSL(test.ServerTestBase):
|
|||||||
def test_echo(self):
|
def test_echo(self):
|
||||||
c = tcp.TCPClient(("127.0.0.1", self.port))
|
c = tcp.TCPClient(("127.0.0.1", self.port))
|
||||||
c.connect()
|
c.connect()
|
||||||
c.convert_to_ssl(sni="foo.com", options=tcp.OP_ALL)
|
c.convert_to_ssl(sni="foo.com", options=SSL.OP_ALL)
|
||||||
testval = "echo!\n"
|
testval = "echo!\n"
|
||||||
c.wfile.write(testval)
|
c.wfile.write(testval)
|
||||||
c.wfile.flush()
|
c.wfile.flush()
|
||||||
|
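Review bot: The changed call `c.convert_to_ssl(sni="foo.com", options=SSL.OP_ALL)` in `test_echo` now needs the name `SSL` in scope, and the import is not visible in this hunk; confirm the test module has `from OpenSSL import SSL`. The test also only passes `OP_ALL` through and asserts nothing about it, so a case that sets a restrictive flag such as `SSL.OP_NO_SSLv3` and checks the resulting handshake behaviour would show that `options` is actually applied to the context.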